Privacy Policy

Nacelle (Pty) Limited Privacy Policy 


Thank you for visiting the website of Nacelle (Pty) Limited (“Nacelle”). This Privacy Policy is subject to the terms and conditions contained on (“this Website”), and all definitions contained in such terms and conditions shall apply equally to this Privacy Policy. 

References to “Nacelle”, “we”, “us”, “our” and “ours” in this Privacy Policy mean Nacelle. 

The terms “you”, “your” and “yours” when used in this Privacy Policy mean any user of this Website. 

The privacy of individuals visiting our Website is of importance to us. We are committed to the privacy and confidentiality of information provided to us. This Privacy Policy describes our current policies and practices with regard to any personal information collected by us from you directly and/or through the Website. 

By continuing to use this Website, you agree to the terms and conditions set out in this Privacy Policy. Please note that by submitting information via this Website, you consent to the collection, collation, processing, and storing of such information and the use and disclosure of such information in accordance with this Privacy Policy. We recommend that you read this Privacy Policy together with our terms and conditions prior to submitting information to this Website. 

You can access our full Privacy Policy below to help you to understand better how we use your personal information. In it, we explain in more detail the types of personal information we collect, how we collect it, what we may use it for and who we may share it with. 

Within the Privacy Policy you will find some specific examples of why and how we use your personal information. If you have further questions please get in touch with us by contacting the Nacelle Data Protection Officer at . 

Nacelle is committed to respecting your privacy and protecting your personal information. 

  • We will be transparent about the information we are collecting and what we will do with it. 
  • We will use the information you give us for the purposes described in our Privacy Policy, which include providing you with products and/or services you have requested and enhancing your experience with Nacelle. 
  • We will also use the information to help us understand you better and, if permitted to do so in terms of applicable law, give you information on relevant offers. 
  • If you tell us you don’t want to receive marketing messages we will stop sending them. We will, of course, continue to send essential information relating to a product or service you have purchased from us. 
  • We will put in place measures to protect your personal information and keep it secure. 
  • We will respect your data protection rights and aim to give you control over your own personal information. 

Within the Privacy Policy you will find some specific examples of why and how we use your personal information. If you have further questions please get in touch with us by writing to the Data Protection Officer 

Without prejudice to your rights under applicable laws, the above and the Privacy Policy are not contractual and do not form part of your contract with us. 

Full Privacy Policy  

Controller of / Responsible Party for Personal Information: 

Any personal information processed by Nacelle in connection with this Privacy Policy is controlled by Nacelle, which is considered the “controller” or “responsible party” of your personal information under European Union and South African data protection law, respectively. 

Any provider of products or services, will also separately be a “controller” or “responsible party”. You can access the privacy policies of those providers from them directly. 

What do we mean by Personal Information? 

Personal information means details which identify you or could be used to identify you, such as your name and contact details. It may also include information about how you use our websites and mobile applications. 

When does this policy apply? 

This Privacy Policy applies to personal information about you that we collect, use and otherwise process regarding your relationship with us as a customer or potential customer, including when you use our products, services or our websites. 

Where we reference that others are controllers or responsible parties in the sections “Controller of /Responsible party for personal information” and “Who do we share your personal information with?” you should consult their privacy policies for further information. 

Additional terms and conditions or policies may apply if you elect to take additional products or services from us. 

How can you keep your Personal Information Secure? 

We are committed to implementing leading data security safeguards and we take great care to protect the personal information you provide to us. 

We have specialised security personnel who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction. 

Here are some things you can do to keep your information secure; 

Be aware of and protect yourself against Internet fraud and “phishing”. 

There is an Internet fraud practice known as “phishing” which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a “cloned” or illegal copy website. 
Make sure you are dealing with Nacelle when you are asked for your bank or credit card details for refund purposes (if and when applicable) and never share your password or PIN with anyone, including us. 

When do we collect Personal Information about you? 

We collect personal information about you whenever you use our products and services (whether these products or services are provided by us or by other companies or agents acting on our behalf), including when you use our Website; or interact with us through email or our contact centres.  

We may also collect information about you from other companies within our group, or third parties, if this is appropriate and allowed by law. These include fraud-prevention agencies, business directories, credit reference agencies and business partners.  

For additional details see “What types of personal information do we collect and retain?” below. 

In addition, we may receive personal information about you from third parties, such as: 

  • Companies contracted by us to provide products or services to you. 
  • Companies who provide details to us under privacy polices providing for information to be shared with Nacelle. 

What types of Personal Information do we collect and retain? 

When you use our products or services, you will need to provide us with your personal details. 

We collect the following categories of personal information: 

  • Information about the products or services we have provided to you in the past.  
  • Information about online registration and other interactions.  
  • Information about your use of our websites, contact centres and mobile applications.   
  • Information about your device and your location if you have been browsing on our website, for example your “Internet Protocol” or “IP” address (i.e. a numeric code that can act as a unique identifier for your computer or other device, which can be turned off from your device) or unique device ID. 
  • Your preferences for particular products, services or lifestyle activities when you tell us what they are – or when we assume what they are, depending on how you use our products and services. 
  • Your contact with us – such as a note or recording of a call you make to us, or through one of our contact centres, an email or letter you send to us or other records of any contact you have with us. 

When and why do we collect “Special Personal Information”? 

Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and South African data protection law and are referred to here as “special personal information”. Generally, we try to limit the circumstances where we collect and process special personal information. 

Examples of where we may collect and process special personal information includes where you have otherwise chosen to provide such information to us or it has been passed onto us by a third party 

What do we use your Personal Information for? 

The main purposes for which we use your personal information are: 

  • To provide products or services tailored to your requirements and to treat you in a more personal way.  
  • To carry out analysis and market research.  
  • To, subject to applicable law, carry out marketing including targeted online advertising and keep you informed of Nacelle’s products and services.  
  • To send you status updates and service communications.  
  • To improve our websites, products and services.  
  • For management and administrative purposes.  
  • For internal business & operational purposes. 
  • To respond to any questions or concerns you may have about our products or services. 
  • To carry out research and statistical analysis including to monitor how customers use our products or services on an anonymous or personal basis. 
  • To prevent and detect fraud or other crimes, recover debts or trace those who owe us money. 
  • To provide aggregated reports to third parties (such reports do not contain any information which may identify you as an individual). 

When will we send you Direct Marketing? 

We will not use your personal information for electronic direct marketing purposes unless we are permitted to do so by law. With your consent, we may sometimes send direct marketing communications that include a business partners’ products and services. 

We will only allow third parties or other members of our group to send direct marketing communications to you when you have agreed to receive marketing from third parties. 
We will respect your choice as to what communications you wish to receive and how these are sent. 

How can you change what Direct Marketing Communications you receive, how you receive them and unsubscribe: 

If you decide you would no longer like to be sent direct marketing communications, you can unsubscribe or opt out at any time. The ways to stop being sent direct marketing communications are described below: 

Each direct marketing communication we send by email will have an unsubscribe option, which will allow you to stop you receiving further direct marketing emails. You may also stop any further text messages by replying with the word “STOP”. We aim to action requests to stop being sent direct marketing communications as soon as possible, but it is possible that you will receive some marketing in the period prior to that change being made. 

If you ask us to stop sending direct marketing communications, please note we will retain your personal information for the purposes of indicating that you do not want to receive direct marketing communications. 

If you wish to change how we use your personal information, including exercising your right to be forgotten or have your personal information destroyed or deleted, please see section “What are your legal rights in relation to the personal information we hold about you?” and “How can you exercise your legal rights and change how we use your personal information?”. 

What is our Legal basis for using your Personal Information? 

Nacelle will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons that Nacelle has collected and needs to use your information. Under European Union and South African data protection laws in almost all cases the legal basis will be: 

  • Because Nacelle  needs to use your personal information to comply with a legal obligation. 
  • To protect the legitimate or vital interests of you or another person. 
  • Because you have consented to Nacelle using your personal information for a particular purpose. 

More information on each legal basis is provided below. 

If processing of your personal information is subject to any other laws, then the basis of processing your personal information may be different to that set out above and may in those circumstances be based on your consent. 

How long do we keep Personal Information? 

We will keep your information for as long as we need it for the purpose it is being processed for. The information may thereafter be retained so that we can continue to improve your experience with us. 

We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. If you stop interacting with us as a customer, we will remove or anonymise your information after 7 years. 

Compliance with Legal Obligations: 

There are situations where Nacelle is subject to a legal obligation and needs to use your personal information to comply with those obligations. 

To Protect the Legitimate or Vital Interest of You or Another Person: 

There are situations where we may need to use your personal information to protect the vital interests of you or another person.   


We may collect and use your personal information where you have given your specific consent to us doing so.  

However, if you withdraw your full consent, in some circumstances, and subject to applicable law, we may not be able to provide all or parts of the products or services you have requested from us.  

Who do we transfer to, disclose or share your Personal Information with? 

Your personal information may be shared within our group and our business partners. We share information with them, so they can assist us in providing products and services to you and to understand more about you. 

We may also disclose your personal information (subject to applicable law) to the following third parties for the purpose described here: 

  • Credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening. 
  • In response to a valid, legal request from government or a law enforcement agency,  
  • Third party service providers we use to provide products and services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf. 
  • Third parties, such as law firms and law courts, to enforce or apply any contract with you. 
  • Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our client’s, staff and assets. 
  • We may provide usage information (but not your personal details) to other websites so that they know that you have visited our websites. (see “How we use cookies and other methods for the collection of website usage data”.) 
  • We may provide usage information including your personal details if we have your consent, to marketing agencies to deliver online advertising on websites or social networks. 
  • Online or social media platforms, such as Google (Adwords, Youtube etc), Instagram, Twitter and Facebook, in order to facilitate target segmentation with online advertising. Should you no longer wish to be targeted, you can opt out through the preference settings on the respective platforms. For example, on Facebook, you can opt out through the ‘Ad settings’ once logged into your Facebook account at 
  • If necessary to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises because of a voluntary act or decision by us (e.g. our decision to operate to a country or a related decision). 
  • If we are reorganised or sold to another organisation, we may transfer any personal information we hold about you to that organisation. 

Where appropriate, before disclosing personal information to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable law. 

What Countries will your Personal Information be sent to? 

Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located in order to provide products and services to you or to us. 

This may involve sending your data to countries where under their local laws you may have fewer legal rights than you do in the country in which you are located. 

Where your personal information is transferred because we are using a service provider in a third country, we will implement safeguards so that your personal information continues to be protected to the standards set out in this Privacy Policy. 

If you would like more information on these safeguards, please contact the Data Protection Officer. 

What are your Legal Rights in relation to the Personal Information we hold about you? 

Under data protection laws in the European Union and South Africa, you have certain rights in relation to your personal information. Responses to exercise your rights will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to 3 months, but we will let you know if this is the case. 
We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below. 

Details of how to exercise your rights are set out in the section below “How can you exercise your legal rights and change how we use your data?” 

Your rights include the following: 

  • You may request us to stop sending you direct marketing. To see how to change your permission to receive direct marketing please refer to “How can you change what marketing communications you receive and how you receive them?” which can be located in “When will we send you direct marketing?”. If you do so, we will no longer be able to send you direct marketing communications. These communications will help you get the most from the products and services we provide and may also contain options and other details about the products or services you will be using. 
  • You may request us to stop using your personal information where we are doing so under legitimate interests (see the section “What is our legal basis for using your personal information” for examples of when that applies) unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights. 
  • Also see “Who do we transfer, disclose or share your information with” in respect of online or social media platform settings. 
  • You may access the personal information we hold on you. 
    There are some limited exceptions to this right, such as information relating to others who have not consented to the disclosure of their information and information which is legally privileged. Please see “Accessing your personal information” which can be located within “How can you exercise your legal rights and change how we use your data?” for more details. 
  • You may ask us to correct your personal information (the “right of rectification”) if that information is inaccurate. In this regard see section on “How can you change what marketing communications you receive and how you receive them?” 
  • You may ask for personal information which identifies you to be erased (or forgotten). To do this we will remove the information that identifies you from the data we hold in our active systems (“anonymise”). However, a separate and restricted copy of the identifying information will (subject to applicable law) be kept for 7 years to meet the obligations we have to law enforcement, national authorities and legal proceedings. 

Considerations when you submit a request to have your personal information erased: 

  • We may need to retain certain elements that relate to a contract between you and Nacelle because we need it for our own legal and auditing purposes (for more information on the basis on which we process your personal information see the section “What is our legal basis for using your personal information?”). 
  • A record of your request including the personal information you supplied will be retained in the application used to carry this out for 3 years. 
  • In some circumstances it may mean we will not be able to provide all or parts of the products or services you have requested from us in relation to preferences you have previously shared with us. 
  • We cannot erase your personal information if we have identified that you either have an open complaint with us or we hold a previous case for you within the past 6 years. We are required to retain this information in case there is a need to re-open the complaint. 

How can you Exercise your Legal Rights and Change how we use your Data? 

If you wish to change how we use your personal information, please contact our Data Protection Officer. We will ask for some information to identify you, which will only be used to process your request. We will verify your identity by email before processing your request. 

Accessing your Personal Information: 

If you wish to receive a copy of your information, you can make your request in writing to the Data Protection Officer and include the following information with your request: 

  • Your name and postal address. 
  • Details of your request. 
  • A photocopy of your passport, photo identification or driving licence, so that we can verify your identity. 
  • Your signature and the date of the request. 

Any details which may help us locate the information which is the subject of your request, for example: 

  • Telephone recording details [identifier number, the number you call from, the number and option you dialled, the date and time of your call(s)]. 

If you wish the information to be provided to you in a machine-readable copy, please indicate that at the time of making your request.  

How will we inform you of Changes to this Privacy Policy? 

If we change this Privacy Policy, we will let you know about the changes by publishing the updated version on We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Privacy Policy. 

This Privacy Policy came into effect on 10 September 2018. This Privacy Policy applies to all information we process about you in connection with your relationship with us as a customer or potential customer. 

Please contact the Data Protection Officer if you would like to find out more about any matters to do with this Privacy Policy. 

How to get in touch with us and your Right to Complain: 

If you have any questions or complaints about this Privacy Policy, or how we handle your personal information, please contact the Data Protection Officer. 

We work hard to handle your information responsibly. We hope that we will be able to resolve any concerns you may have, but in the unlikely event that we do not, you have the right to contact the relevant data protection supervisory authority or regulator. For example, the Information Regulator in South Africa, once operational, can be contacted at

For more information on COVID-19 and government regulation: Click here